1 Answer
0
Hi,
I understand that you want to write a resource policy that gives least privilege to federated users.
Creating IAM policies that grant least privilege is one of the best security practices [1]. To create an IAM role, refer to [2]. You can view the condition operators for Amazon Resource Name (ARN) in the attached document [3]. The condition operator that you can use in a policy depends on the condition key you choose.
Please see the attached document [4] for reference identifiers.
I hope this helps.
Resources:
[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
[2] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
[4] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
answered 2 years ago
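An added example, not part of the answer above: a resource policy that uses one ARN condition operator with a wildcard instead of listing each federated user, plus a simplified local emulation of the match for checking which principals it covers. It assumes the users are AWS STS federated user principals whose names share the prefix `analyst-`; the account ID, bucket name and naming scheme are placeholders.

```python
import json
import re

ACCOUNT = "111122223333"   # placeholder account ID (assumption)
# Assumed naming scheme: every federated user name starts with "analyst-".
PATTERN = f"arn:aws:sts::{ACCOUNT}:federated-user/analyst-*"

POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyAllButFederatedAnalysts",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",   # hypothetical bucket
        # One wildcard pattern instead of ~50 literal ARNs.
        "Condition": {"ArnNotLike": {"aws:PrincipalArn": [PATTERN]}},
    }],
}

def _glob(pattern, value):
    """Case-sensitive match where * is any run of characters and ? is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def arn_like(pattern, arn):
    """Simplified ArnLike: compare the six colon-delimited parts one by one."""
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(_glob(x, y) for x, y in zip(p, a))

def is_denied(policy, principal_arn):
    """True when a Deny statement's ArnNotLike condition holds for the caller."""
    for stmt in policy["Statement"]:
        patterns = stmt["Condition"]["ArnNotLike"]["aws:PrincipalArn"]
        if stmt["Effect"] == "Deny" and not any(
                arn_like(p, principal_arn) for p in patterns):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name in ("analyst-07", "contractor-01"):   # constructed sample principals
        arn = f"arn:aws:sts::{ACCOUNT}:federated-user/{name}"
        print(name, "denied" if is_denied(POLICY, arn) else "not denied")
```

A prefix pattern is only as trustworthy as the process that assigns federated user names, so restrict who can issue sessions under that prefix.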
Thanks @Asisipho, I guess the problem here is that the policy will end up looking like this. Adding 50-odd users to the condition will make it a tedious exercise.
Is there any other/better way to address OP's question? I am also looking for something similar.